Tripwire has reported the results of new research that evaluated cloud security practices across enterprise environments in 2021. Conducted for Tripwire by Dimensional Research, the survey evaluated the opinions of 314 security professionals with direct responsibility for the security of public cloud infrastructure within their organisation. According to the research, 73% currently operate in a multi-cloud environment, but security professionals responsible for these types of complex environments overwhelmingly (98%) report that relying on multiple cloud providers creates additional security challenges.
Organisations have a wide range of reasons for going multi-cloud, including meeting varying business needs, running certain applications, distributing risk, taking advantage of cost savings, and to provide redundancy in the event of downtime. In the industrial space specifically, organisations are twice as likely to use a multi-cloud approach to manage risk.
“We’ve seen a massive shift to cloud in response to the growing business need to manage more data and have greater accessibility,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Given the growing complexity of systems and threats that come with moving to a cloud environment and security policies that are unique to each provider, it makes sense that organisations are finding it increasingly difficult to secure the perimeter.”
The majority (59%) have configuration standards for their public cloud and use best-practice security frameworks (78%), but only 38% of framework users apply them consistently across their cloud environment. Not to mention, only 21% have a centralised view of their organisation’s security posture and policy compliance across all cloud accounts. Most also noted that shared responsibility models for security between cloud service providers and their customers are not always clear – three quarters rely on third-party tools or expertise to secure their cloud environment.
Additionally, the survey examined ongoing concerns of security professionals responsible cloud infrastructure. When it comes to managing their cloud environment, most organisations rely/relied on existing security teams to complete training or self-teach, but only 9% of those surveyed would categorise their internal teams as experts. Overall, customers want cloud providers to increase security efforts. Most (98%) would like to see specific security improvements, including communicating security issues faster and following consistent security frameworks. And 77% prefer their existing security service extends into the cloud rather than finding a separate cloud-only solution.
“For most security professionals, managing a multi-cloud environment is a fairly new and somewhat ambiguous part of their day to day,” observed Erlin. “Fortunately, there are well established frameworks and solutions that exist to help fill in the gaps and ensure organisations don’t have to rely solely on their cloud providers to secure their environment.”
Organisations have come to realise that cloud providers don’t offer the tools they need to fully secure their systems, and as a result, are taking matters into their own hands. In the last year, there has been an increase in the number of companies doing real-time assessments of their cloud security posture and a slight increase in the level of enforcement automation, both positive indications that companies are taking the necessary steps to harden their cloud environments.